Vulnerabilities in Java and Adobe Will Be Main Targets for Cybercriminals in 2013

 Vulnerabilities in Java and Adobe Will Be Main Targets for Cybercriminals in
                                     2013

PandaLabs makes predictions on what other security issues will dominate next
year

PR Newswire

ORLANDO, Fla., Dec. 18, 2012

ORLANDO, Fla., Dec. 18, 2012 /PRNewswire/ -- Software vulnerabilities will be
the main target of cyber-criminals next year, according to a list of security
trends that will dominate in 2013, by PandaLabs, Panda Security's malware
laboratory.  

"It is undoubtedly the preferred method of infection for compromising systems
transparently, used by both cyber-criminals and intelligence agencies in
countries around the world," said Luis Corrons, technical director of
PandaLabs.

In 2012, Java, which is installed on hundreds of millions of devices, was
repeatedly compromised and used to actively infect millions of users. Adobe,
given the popularity of its applications (Acrobat Reader, Flash, etc.) and its
multiple security flaws, was also one of the favorite tools for massively
infecting users as well as for targeted attacks.

"Although it is assumed that home users are exposed to the highest risk,
updating applications, which is essential for protecting against these types
of attacks, is a very complex process for corporations who must coordinate the
update among all workstations," explained Luis Corrons. "At the same time, all
the applications used in a company must work correctly. This makes the update
processes slow, which opens a window that is exploited to steal information in
general and launch targeted attacks in search of confidential data."

PandaLabs predicts that other areas that will emerge in 2013 as dominant
security issues are:

  o Social networks: The second most widely used technique is social
    engineering. Tricking users into collaborating to infect their computers
    and steal their data is an easy task, as there are no security
    applications to protect users from themselves. In this context, use of
    social networks (Facebook, Twitter, etc.), places where hundreds of
    millions of users exchange personal information, makes them the preferred
    hunting ground for tricking users.

  Particular attention should be paid to Skype, which after replacing
  Messenger, could become a target for cyber-criminals.

  o Malware for mobile devices: Android has become the dominant mobile
    operating system. In September 2012, Google announced that it had reached
    700 million Android activations. Although it is mainly used on smartphones
    and tablets, its flexibility and the fact that you do not have to buy a
    license to use it are going to result in new devices opting to use
    Google's operating system. Its use is going to become increasingly
    widespread, from televisions to all types of home appliances, which opens
    up a world of possible attacks as yet unknown.

  o Cyber-warfare / Cyber-espionage: Throughout 2012, different types of
    attacks have been launched against nations. The Middle East is worth
    mentioning, where the conflict is also present in cyber-space. In fact,
    many of these attacks are not even carried out by national governments but
    by citizens, who feel that they should defend their nation by attacking
    their neighbors using any means available.

  Furthermore, the governments of the world's leading nations are creating
  cyber commandos to prepare both defense and attack and therefore, the
  cyber-arms race will escalate.

  o Growth of malware: For two decades, the amount of malware has been growing
    dramatically. The figures are stratospheric, with tens of thousands of new
    malware strains appearing every day. This sustained growth seems very far
    from coming to an end.

  Despite security forces being better prepared to combat this type of crime,
  they are still handicapped by the absence of borders on the Internet. A
  police force can only act within its jurisdiction, whereas a cyber-crook can
  launch an attack from country A, steal data from citizens of country B, send
  the stolen data to a server situated in country C and could be living in
  country D. This can be done in just a few clicks, whereas coordinated action
  of security forces across various countries could take months. For this
  reason, cyber-criminals are still living their own golden era.

  o Malware for Mac: Cases like Flashback, which occurred in 2012, have
    demonstrated that not only is Mac susceptible to malware attacks but that
    there are also massive infections affecting hundreds of thousands of
    users. Although the number of malware strains for Mac is still relatively
    low compared to malware for PCs, we expect it to continue rising. A
    growing number of users added to security flaws and lack of user awareness
    (due to over-confidence), mean that the attraction of this platform for
    cyber-crooks will continue to increase next year.

  o Windows 8: Microsoft's latest operating system, along with all of its
    predecessors, will also suffer attacks. Cyber-criminals are not going to
    focus on this operating system only but they will also make sure that
    their creations work equally well on Windows XP to Windows 8, through
    Windows 7.

  One of the attractions of Microsoft's new operating system is that it runs
  on PCs, as well as on tablets and smartphones. For this reason, if
  functional malware strains that allow information to be stolen regardless of
  the type of device used are developed, we could see a specific development
  of malware for Windows 8 that could take attacks to a new level.

More information at PandaLabs blog.

About PandaLabs
Since 1990, PandaLabs, Panda Security's malware research laboratory, has been
working to detect and classify malware in order to protect consumers and
companies against new Internet threats. To do so, PandaLabs uses Collective
Intelligence, a cloud-based proprietary system that leverages the knowledge
gathered from Panda's user community to automatically detect, analyze and
classify the more than 73,000 new malware strains that appear every day. This
automated malware classification is complemented through the work of an
international team with researchers specialized each in a specific type of
malware (viruses, worms, Trojans, spyware and other attacks) to provide global
coverage. Get more information about PandaLabs and subscribe to its blog news
feed at http://www.pandalabs.com. Follow Panda on Twitter at
http://twitter.com/Panda_Security and Facebook at
http://www.facebook.com/PandaUSA.

SOURCE Panda Security

Website: http://www.pandasecurity.com
Contact: Jeana Tahnk, On behalf of Panda Security, jtahnk@bateman-group.com